...
In this example, a bitwise complement of `port` is first computed and then shifted 4 bits to the right. If both of these operations are performed on an 8-bit unsigned integer, then `result_8` will have the value `0x0a`. However, `port` is first promoted to a `signed int`, with the following results (on a typical architecture where type `int` is 32 bits wide):
Expression | Type | Value | Notes |
---|---|---|---|
|
|
|
|
|
|
|
|
| Whether or not value is negative is implementation-defined. |
|
|
|
Compliant Solution
In this compliant solution, the bitwise complement of `port` is converted back to 8 bits. Consequently, `result_8` is assigned the expected value of `0x0aU`.
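The two forms described above, side by side, as an added example rather than the standard's own listing. The function names and the sample input `0x5a` are assumptions; the input is chosen so that the 8-bit result matches the `0x0a` stated in the text.

```c
#include <stdint.h>
#include <stdio.h>

/* ~port as the compiler evaluates it: port is promoted to int first,
 * so the complement also sets every bit above bit 7. */
int complement_promoted(uint8_t port) {
    return ~port;
}

/* Noncompliant form: the shift operates on the promoted int, so the set
 * upper bits move into the low byte before the result is truncated.
 * Right-shifting a negative int is implementation-defined, but the low
 * 8 bits are the same for arithmetic and logical shifts. */
uint8_t shift_noncompliant(uint8_t port) {
    uint8_t result_8 = (~port) >> 4;
    return result_8;
}

/* Compliant form: the complement is converted back to 8 bits, so only
 * the original 8 bits take part in the shift. */
uint8_t shift_compliant(uint8_t port) {
    uint8_t result_8 = (uint8_t)(~port) >> 4;
    return result_8;
}

int main(void) {
    uint8_t port = 0x5a; /* constructed sample value */

    printf("port               = 0x%02x\n", (unsigned)port);
    printf("~port (as int)     = %d (0x%x)\n",
           complement_promoted(port), (unsigned)complement_promoted(port));
    printf("noncompliant shift = 0x%02x\n", (unsigned)shift_noncompliant(port));
    printf("compliant shift    = 0x%02x\n", (unsigned)shift_compliant(port));
    return 0;
}
```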
...
Bitwise operations on shorts and chars can produce incorrect data.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
EXP14-C | low | likely | high | P3 | L3 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Astrée | | | Supported |
Axivion Bauhaus Suite | | CertC-EXP14 | Fully implemented |
CodeSonar | | LANG.CAST.RIP | Risky integer promotion |
Compass/ROSE | | CC2.EXP14 | Fully implemented |
Parasoft C/C++test | | CERT_C-EXP14-a | Avoid mixing arithmetic of different precisions in the same expression |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ Coding Standard | VOID EXP15-CPP. Beware of integer promotion when performing bitwise operations on chars or shorts |
MISRA-C | Rule 10.5 |
...
...